How to Adopt the Public Cloud While Attaining Private Cloud Control and Security

Earlier this year, McKinsey & Company released an article titled “Protecting information in the cloud,” discussing the increased use of cloud computing by enterprises across several industries and the benefits and risks associated with cloud usage. The article recognizes that many organizations are already using cloud applications and as a result realizing the associated efficiency and cost benefits. In fact, most of these organizations are looking to increase their usage of the cloud this year and beyond in both private and public environments. However, there are issues that are inhibiting adoption, such as risks tied to data security and concerns around privacy and compliance.

The McKinsey article rightly points out that allowing perceived risks to bar further adoption of the cloud is not a realistic option for most organizations, given the many compelling benefits offered and the need to be competitive in today’s economy. Enterprises must determine ways to embrace the cloud while also being able to satisfy important questions concerning security, compliance and regulatory protection that are hampering aggressive movement to the cloud.

The benefits of choosing either a public or private cloud option over the traditional on-premise deployment are clearly outlined in the article. McKinsey concludes that the solution for many enterprises will be a hybrid approach of public and private cloud and therefore, the primary question becomes which applications belong in which environments. This is where the article begins to fall short in its analysis of the issues surrounding cloud adoption, because it does not fully consider all solutions available, including cloud encryption gateways.

The McKinsey article recommends applications such as Customer Resource Management (CRM) and Human Capital Management (HCM) as logical choices for public cloud deployment. However, from my experience, many companies face barriers to even these types of applications for a variety of reasons, including the need to retain full control of any personally identifiable information (customer or employee) or to protect regulated data that may be subject to sector-based compliance requirements (think ITAR, HIPAA, PCI DSS, etc.). These important compliance and regulatory concerns frequently force enterprises down an on-premise path (either a traditional enterprise software implementation or via a private cloud deployment).

In these situations, a cloud encryption gateway can be used to keep the control of sensitive data in the hands of the organization that is adopting the public cloud service. These gateways intercept sensitive data while it is still on-premise and replace it with a random tokenized or strongly encrypted value, rendering it meaningless should anyone hack the data while it is in transit, processed or stored in the cloud. In addition, some gateways ensure that end users have access to all of the cloud application’s features and functions such as ability to do standard and complex searches on data, send email, and generate reports – even though the sensitive data is no longer in the cloud application.

Applications McKinsey believes should be located on a private cloud include enterprise resource planning (ERP), supply chain management, and custom applications. McKinsey recommends a private deployment option for this class of application largely due to the sensitivity of the data that is processed and stored in them. But private clouds, while a nice improvement over legacy on-premise deployment models, unfortunately cannot approach the TCO and elasticity benefits that true public-cloud SaaS providers offer enterprises. So, just like with CRM and HCM, the real opportunity for this class of applications is to figure out a model that marries the data security of a private cloud deployment with the unique TCO and elasticity value propositions of public cloud.

Here again cloud encryption gateways can play a critical role. As described earlier, enterprises would be able to move these sensitive applications onto a public cloud resource with a cloud encryption gateway that would directly satisfy any corporate concerns regarding data security, privacy and residency requirements.

Of course, not all cloud encryption gateways are created equal, so please refer to this recent paper, which provides important questions to ask when determining which gateway is the right fit for you.

Gerry Grealish leads the marketing & product organizations at PerspecSys Inc., a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. The PerspecSys Cloud Data Protection Gateway accomplishes this for many large, heavily regulated companies by never allowing sensitive data to leave a customer’s network, while simultaneously maintaining the functionality of cloud applications.